aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoramatthews <adrian.matthews@est.tech>2022-08-18 15:31:12 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2022-10-24 13:39:32 +0000
commit379daacca80d748ea9fee3c4185c828a9559b509 (patch)
tree91591b52e8402e61821e811f5973548deab060ef
parent702d68ae02195cbe56ab5f5cd61bddc816880076 (diff)
[OOF] Service Mesh Compliance for OOF
Updating basic requirements for Service Mesh Compliance within OOF. Removed AAF dependencies in OOF deployments. Resolved merge conflict for oof-has/resources/conflict/conductor.conf for DCAE Issue-ID: OOM-2253 Change-Id: I660085ca94db723e4880dfa67aa31b604e712d15 Signed-off-by: amatthews <adrian.matthews@est.tech>
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml12
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml4
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml8
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml8
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml6
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml6
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf25
-rw-r--r--kubernetes/oof/components/oof-has/resources/config/nginx.conf5
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml2
-rw-r--r--kubernetes/oof/resources/config/conf/common_config.yaml2
-rwxr-xr-xkubernetes/oof/resources/config/conf/osdf_config.yaml13
-rw-r--r--kubernetes/oof/templates/deployment.yaml8
-rw-r--r--kubernetes/oof/templates/service.yaml4
-rw-r--r--kubernetes/oof/values.yaml24
15 files changed, 99 insertions, 30 deletions
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 3ed20ba8a6..4e38c830f0 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -44,8 +44,10 @@ spec:
args:
- --container-name
- oof-has-controller
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-service
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -55,6 +57,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-has-sms-readiness
command:
- sh
@@ -73,6 +76,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
@@ -108,9 +112,11 @@ spec:
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
@@ -121,8 +127,10 @@ spec:
args:
- "-c"
- |
+ {{- if (include "common.needTLS" .) }}
grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
@@ -146,12 +154,14 @@ spec:
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /tmp/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- mountPath: /tmp/intermediate_root_ca.pem
name: {{ include "common.fullname" . }}-onap-certs
subPath: intermediate_root_ca.pem
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -178,6 +188,8 @@ spec:
path: conductor.conf
- key: log.conf
path: log.conf
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
index 751545ebef..f13e7cea9b 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
@@ -32,11 +32,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index e4e843ac3e..c850cb7752 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -45,7 +45,7 @@ service:
externalPort: 8091
internalPort: 8091
nodePort: 75
- portName: oof-has-api
+ portName: http
#backend container info
uwsgi:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 55bb4f620d..92be670db6 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -43,8 +43,10 @@ spec:
args:
- --job-name
- {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-sms
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -54,6 +56,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-cont-sms-readiness
command:
- sh
@@ -72,6 +75,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -113,9 +117,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -141,6 +147,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 4f58ec3b94..72ecd7db2d 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-data-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,6 +114,7 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/aai_cert.cer
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_cert.cer
@@ -121,6 +124,7 @@ spec:
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -146,10 +150,14 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- key: aai_cert.cer
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
+ {{- end }}
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index f8755ea66b..b90a6f6e89 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,9 +114,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -140,6 +144,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 154bc78e41..4499d9806e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,9 +114,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -140,6 +144,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 78553d73af..d650808036 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -159,13 +159,13 @@ appkey = ""
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = true
+is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
@@ -175,7 +175,7 @@ aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# aaf_retries. (integer value)
#aaf_retries = 3
@@ -193,9 +193,12 @@ aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
# From conductor
#
+# is_enabled. (boolean value)
+is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
# Timeout for SMS API Call (integer value)
@@ -231,7 +234,8 @@ complex_cache_refresh_interval = 60
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
@@ -252,7 +256,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for AAI. (string value)
username = OOF
@@ -676,7 +680,8 @@ concurrent = true
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
@@ -699,7 +704,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for SDC. (string value)
#username =
@@ -744,7 +749,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for CPS. (string value)
#username =
@@ -788,7 +793,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for DCAE. (string value)
#username =
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index cbb1b60a58..9272e8581c 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -11,12 +11,17 @@ http {
server {
+{{ if (include "common.needTLS" .) }}
listen 8091 ssl;
server_name oof;
ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
+{{ else }}
+ listen 8091;
+ server_name oof;
+{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 733b9209b5..0c5397c5a8 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -56,6 +56,7 @@ config:
aai:
serviceName: aai
port: 8443
+ plainPort: 80
msb:
serviceName: msb-iag
port: 80
@@ -68,6 +69,7 @@ config:
sdc:
serviceName: sdc-be
port: 8443
+ plainPort: 8080
cps:
service: cps-tbdmt
port: 8080
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 57e8e27a19..d34967617b 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -5,7 +5,7 @@ osdf_system:
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+ ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }}
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index 441a77ab5a..ff62bb6b0a 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -11,14 +11,14 @@ placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
# Credentials for Conductor
-conductorUrl: {{ .Values.config.conductorUrl }}
+conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
+policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
# Credentials for DMaaP
@@ -31,14 +31,14 @@ sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ .Values.config.aaf_url }}
+aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }}
aaf_user_roles:
{{- range .Values.config.aaf_user_roles }}
- {{ . }}
{{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ .Values.config.aaf_sms_url }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
+aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
secret_domain: {{ .Values.config.secret_domain }}
aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
@@ -56,7 +56,7 @@ cpsCellListUrl: {{ .Values.config.cps.cellListUrl }}
cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
# AAI api
-aaiUrl: {{ .Values.config.aaiUrl }}
+aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
@@ -65,7 +65,7 @@ aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
dslQueryPath: /aai/v23/dsl?format=
#DES api
-desUrl: {{ .Values.config.desUrl }}
+desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }}
desApiPath: {{ .Values.config.desApiPath }}
desHeaders:
Accept: application/json
@@ -77,4 +77,3 @@ desPassword: {{ .Values.config.desPassword }}
appkey: ''
activateConsulConfig: False
-
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 58ff39e1e5..31884c06bb 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -52,12 +52,13 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{- if (include "common.needTLS" .) }}
- command:
- sh
- -c
- resp="FAILURE";
until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
echo $resp;
sleep 2;
done
@@ -70,6 +71,7 @@ spec:
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
+ {{- end }}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
@@ -80,8 +82,10 @@ spec:
args:
- "-c"
- |
+ {{- if (include "common.needTLS" .) }}
grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ {{ end }}
python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
@@ -108,12 +112,14 @@ spec:
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
+ {{- if (include "common.needTLS" .) }}
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
name: {{ include "common.fullname" . }}-onap-certs
subPath: intermediate_root_ca.pem
+ {{- end }}
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml
index 0706a8d6d4..b2da17a23f 100644
--- a/kubernetes/oof/templates/service.yaml
+++ b/kubernetes/oof/templates/service.yaml
@@ -33,11 +33,11 @@ spec:
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 5d668289d2..f6867bd8bf 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -56,13 +56,17 @@ config:
placementDefaultPatchVersion: "0"
# Url and credentials for Conductor.
- conductorUrl: https://oof-has-api:8091/v1/plans/
+ conductorUrl:
+ https: https://oof-has-api:8091/v1/plans/
+ http: http://oof-has-api:8091/v1/plans/
conductorPingWaitTime: 10
conductorMaxRetries: 30
# versions to be set in HTTP header
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
- policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
+ policyPlatformUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
+ http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
policyPlatformEnv: TEST # Environment for policy platform
# Credentials for the message reader - A placeholder.
messageReaderHosts: NA
@@ -73,12 +77,16 @@ config:
#AAF Authentication
is_aaf_enabled: False
aaf_cache_expiry_mins: 5
- aaf_url: https://aaf-service:8100
+ aaf_url:
+ https: https://aaf-service:8100
+ http: http://aaf-service:8080
aaf_user_roles:
- '/placement:org.onap.oof.access|*|read ALL'
- '/pci:org.onap.oof.access|*|read ALL'
# Secret Management Service from AAF
- aaf_sms_url: https://aaf-sms
+ aaf_sms_url:
+ https: https://aaf-sms
+ http: http://aaf-sms
aaf_sms_port: 10443
aaf_sms_timeout: 30
secret_domain: osdf
@@ -95,14 +103,18 @@ config:
nbrListUrl: 'ran-network/getNbrList'
#aai api
- aaiUrl: https://aai:8443
+ aaiUrl:
+ https: https://aai:8443
+ http: http://aai:8080
aaiGetLinksUrl: /aai/v16/network/logical-links
aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
controllerQueryUrl: /aai/v19/query?format=resource
aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
#des api
- desUrl: https://des.url:9000
+ desUrl:
+ https: https://des.url:9000
+ http: http://des.url:8080
desApiPath: /datalake/v1/exposure/
desUsername: ''
desPassword: ''